[PM-4269] Use rustls on non-wasm platforms #374

Merged
merged 12 commits into from
Jan 8, 2024
270 changes: 167 additions & 103 deletions Cargo.lock

Large diffs are not rendered by default.

5 changes: 5 additions & 0 deletions about.toml
Expand Up @@ -8,4 +8,9 @@ accepted = [
"MPL-2.0",
"LGPL-3.0",
"Unicode-DFS-2016",
"OpenSSL",
]

# Ring has all the licenses combined into a single file, which causes cargo about to
# be confused about it. Thankfully it includes a workaround for this that we can enable.
workarounds = ["ring"]
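Review bot: The new `"OpenSSL"` entry in `accepted` carries no explanation, and in a change whose stated purpose is removing OpenSSL it reads like a leftover. The comment above `workarounds = ["ring"]` suggests the licence is being accepted because of ring's combined licence file; a one-line comment next to `"OpenSSL"` saying so would stop a later reader from deleting it or from concluding that the OpenSSL library is still linked.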
1 change: 1 addition & 0 deletions crates/bitwarden-api-api/Cargo.toml
Expand Up @@ -22,5 +22,6 @@ uuid = { version = ">=1.3.3, <2", features = ["serde"] }
[dependencies.reqwest]
version = ">=0.11.18, <0.12"
features = ["json", "multipart"]
default-features = false
dani-garcia marked this conversation as resolved.

[dev-dependencies]
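Review bot: With `default-features = false` and only `features = ["json", "multipart"]`, this crate no longer enables any reqwest TLS backend on its own, so HTTPS support now depends on another crate in the build turning one on. A comment above `default-features = false` stating that the backend is selected in crates/bitwarden/Cargo.toml would document that coupling; the same applies to the identical line in crates/bitwarden-api-identity/Cargo.toml.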
1 change: 1 addition & 0 deletions crates/bitwarden-api-identity/Cargo.toml
Expand Up @@ -22,5 +22,6 @@ uuid = { version = ">=1.3.3, <2", features = ["serde"] }
[dependencies.reqwest]
version = ">=0.11.18, <0.12"
features = ["json", "multipart"]
default-features = false

[dev-dependencies]
3 changes: 0 additions & 3 deletions crates/bitwarden-uniffi/Cargo.toml
Expand Up @@ -25,6 +25,3 @@ bitwarden = { path = "../bitwarden", features = ["mobile", "internal"] }

[build-dependencies]
uniffi = { version = "=0.25.2", features = ["build"] }

[target.'cfg(any(target_os = "android", target_os = "ios"))'.dependencies]
openssl = { version = "0.10", features = ["vendored"] }
4 changes: 4 additions & 0 deletions crates/bitwarden/CHANGELOG.md
Expand Up @@ -7,6 +7,10 @@ adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

### Changed

- Switched TLS backend to `rustls`, removing the dependency on `OpenSSL`.

## [0.4.0] - 2023-12-21

### Added
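Review bot: The `### Changed` entry says only that the TLS backend switched to `rustls`, but the comments added in crates/bitwarden/Cargo.toml state that Android falls back to webpki-roots and "won't support self-signed certificates, even if they are included in the OS trust store". That is a user-visible behaviour difference for self-hosted deployments and belongs in this changelog entry, not only in a manifest comment.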
21 changes: 20 additions & 1 deletion crates/bitwarden/Cargo.toml
Expand Up @@ -46,7 +46,9 @@ num-bigint = ">=0.4, <0.5"
num-traits = ">=0.2.15, <0.3"
pbkdf2 = { version = ">=0.12.1, <0.13", default-features = false }
rand = ">=0.8.5, <0.9"
reqwest = { version = ">=0.11, <0.12", features = ["json"] }
reqwest = { version = ">=0.11, <0.12", features = [
"json",
], default-features = false }
rsa = ">=0.9.2, <0.10"
schemars = { version = ">=0.8.9, <0.9", features = ["uuid1", "chrono"] }
serde = { version = ">=1.0, <2.0", features = ["derive"] }
Expand All @@ -60,6 +62,23 @@ thiserror = ">=1.0.40, <2.0"
uniffi = { version = "=0.25.2", optional = true, features = ["tokio"] }
uuid = { version = ">=1.3.3, <2.0", features = ["serde"] }

[target.'cfg(all(not(target_os = "android"), not(target_arch="wasm32")))'.dependencies]
# By default, we use rustls as the TLS stack and rust-platform-verifier to support user-installed root certificates
# There are a few exceptions to this:
# - WASM doesn't require a TLS stack, as it just uses the browsers/node fetch
# - Android uses webpki-roots for the moment
reqwest = { version = "*", features = [
"rustls-tls-manual-roots",
], default-features = false }
rustls-platform-verifier = "0.1.0"

[target.'cfg(target_os = "android")'.dependencies]
# On android, the use of rustls-platform-verifier is more complicated and going through some changes at the moment, so we fall back to using webpki-roots
# This means that for the moment android won't support self-signed certificates, even if they are included in the OS trust store
reqwest = { version = "*", features = [
"rustls-tls-webpki-roots",
], default-features = false }

[dev-dependencies]
rand_chacha = "0.3.1"
tokio = { version = "1.35.1", features = ["rt", "macros"] }
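Review bot: Both target-specific tables declare `reqwest = { version = "*", ... }`, so the only thing holding these entries to the 0.11 series is the separate `>=0.11, <0.12` requirement in the main `[dependencies]` table. Repeating that range here would keep the three entries from drifting apart and would make each table correct when read on its own. Minor style point in the same hunk: the first predicate writes `target_arch="wasm32"` without spaces while the rest of the file and client.rs use `target_arch = "wasm32"`.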
14 changes: 10 additions & 4 deletions crates/bitwarden/src/client/client.rs
Expand Up @@ -88,10 +88,16 @@ impl Client {

let headers = header::HeaderMap::new();

let client = reqwest::Client::builder()
.default_headers(headers)
.build()
.unwrap();
#[allow(unused_mut)]
let mut client_builder = reqwest::Client::builder().default_headers(headers);

#[cfg(all(not(target_os = "android"), not(target_arch = "wasm32")))]
{
client_builder =
client_builder.use_preconfigured_tls(rustls_platform_verifier::tls_config());
}

let client = client_builder.build().unwrap();

let identity = bitwarden_api_identity::apis::configuration::Configuration {
base_path: settings.identity_url,
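Review bot: `client_builder.build().unwrap()` now sits behind `use_preconfigured_tls(rustls_platform_verifier::tls_config())`, which adds a failure path the old builder did not have: reqwest accepts the config as an opaque value and rejects it in `build()` if it is not the rustls type reqwest was compiled against, so a version skew between `rustls-platform-verifier = "0.1.0"` and reqwest would show up as a panic at client construction instead of a compile error. Consider replacing the `unwrap()` with an `expect` that names the TLS setup, and adding a test that constructs a `Client` on the non-Android, non-wasm targets. The `#[cfg(all(not(target_os = "android"), not(target_arch = "wasm32")))]` predicate also has to stay identical to the one in crates/bitwarden/Cargo.toml; a comment here pointing at that table would help.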
4 changes: 4 additions & 0 deletions crates/bws/CHANGELOG.md
Expand Up @@ -7,6 +7,10 @@ adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

### Changed

- Switched TLS backend to `rustls`, removing the dependency on `OpenSSL`.

## [0.4.0] - 2023-12-21

### Added
3 changes: 0 additions & 3 deletions crates/bws/Cargo.toml
Expand Up @@ -44,6 +44,3 @@ bitwarden = { path = "../bitwarden", version = "0.4.0", features = ["secrets"] }

[dev-dependencies]
tempfile = "3.9.0"

[target.'cfg(target_os = "linux")'.dependencies]
openssl = { version = "0.10", features = ["vendored"] }
6 changes: 0 additions & 6 deletions crates/bws/Cross.toml

This file was deleted.

1 change: 1 addition & 0 deletions support/openapi-template/Cargo.mustache
Expand Up @@ -27,6 +27,7 @@ reqwest = "~0.9"
[dependencies.reqwest]
version = "^0.11"
features = ["json", "multipart"]
default-features = false
{{/supportAsync}}
{{/reqwest}}
{{#withAWSV4Signature}}
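Review bot: `default-features = false` is added only inside the `{{/supportAsync}}` branch; the `reqwest = "~0.9"` line visible in the hunk header context is untouched, so a crate generated from the other branch of this template would still pull reqwest's default features, including its default TLS backend. If that branch is never used for this project, a comment in the template saying so would be enough; otherwise it needs the same treatment.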